#!/bin/bash ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC ## See the file COPYING for copying conditions. check_stream_isolation() { if [ "$vm_lower_case_short" = "machine" ]; then return 0 fi if [ ! "$leak_tests" = "true" ]; then local MSG="\

$FUNCNAME $1: Skipped, because not using --leak-tests (--show-ip), ok.

" if [ "$verbose" -ge "1" ]; then $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG" $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG" fi return 0 fi if [ "$silent" -ge "3" ]; then true "silent is $silent. Skipping $FUNCNAME." return 0 fi ## Check if curl failed. if [ ! "$CHECK_TOR_RESULT_SOCKS_PORT" = "True" ]; then if test -f /run/qubes/this-is-templatevm ; then local type=info local MSG="

Stream Isolation Test: Ok, skipped, because SocksPort test failed! Can not test stream isolation. This is expected in default configuration of TemplateVMs in Qubes R4.0 and above.

" if [ "$verbose" -ge "1" ]; then $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG" $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG" return 0 fi else local MSG="

Stream Isolation Test: Skipped, because SocksPort test failed! Can not test stream isolation.

" if [ "$silent" -ge "2" ]; then true "silent is $silent. Skipping output." return 0 fi $output_x ${output_opts[@]} --messagex --typex "error" --message "$MSG" $output_cli ${output_opts[@]} --messagecli --typecli "error" --message "$MSG" EXIT_CODE="1" fi return 0 fi ## Check if curl failed. if [ ! "$CHECK_TOR_RESULT_TRANS_PORT" = "True" ]; then if [ "$VM" = "Whonix-Gateway" ]; then local type=info local MSG="

Stream Isolation Test: Ok, skipped, because TransPort test failed! Can not test stream isolation. This is expected on Whonix-Gateway's default configuration.

" else local type=error local MSG="

Stream Isolation Test: Skipped, because TransPort test failed! Can not test stream isolation.

" fi if [ "$silent" -ge "2" ]; then true "silent is $silent. Skipping output." return 0 fi $output_x ${output_opts[@]} --messagex --typex "$type" --message "$MSG" $output_cli ${output_opts[@]} --messagecli --typecli "$type" --message "$MSG" return 0 fi ## Let's compare TransPort with SocksPort. if [ "$IP_TRANS_PORT" = "$IP_SOCKS_PORT" ]; then ## TODO: Stream Isolation should be tested on Whonix-Gateway using Tor's Control Port. - https://phabricator.whonix.org/T76 ## Old, more confusing message: ## TransPort and SocksPort have the same IP. This is sometimes normal. local MSG="

Stream Isolation Test Result: TransPort and SocksPort have the same IP. This is normal.

" if [ "$silent" -ge "2" ]; then true "silent is $silent. Skipping output." return 0 fi $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG" $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG" else if [ "$NOT_USING_TOR" = "1" ]; then local MSG="

Stream Isolation Test Result: TransPort and SocksPort IPs differ, but Tor not detected! This is normal only if you're using a VPN behind Tor or specifically configured $PROJECT_NAME this way.

" $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG" $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG" else local MSG="

Stream Isolation Test Result: Functional.

" if [ "$silent" -ge "2" ]; then true "silent is $silent. Skipping output." return 0 fi $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG" $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG" fi fi }